/*
 * lws-minimal-secure-streams-smd
 *
 * Written in 2010-2020 by Andy Green <andy@warmcat.com>
 *
 * This file is made available under the Creative Commons CC0 1.0
 * Universal Public Domain Dedication.
 *
 *
 * This demonstrates a minimal http client using secure streams to access the
 * SMD api.
 */

#include <libwebsockets.h>
#include <string.h>
#include <signal.h>

static int interrupted, bad = 1, count_p1, count_p2, count_tx;
static lws_sorted_usec_list_t sul_timeout;

/*
 * If the -proxy app is fulfilling our connection, then we don't need to have
 * the policy in the client.
 *
 * When we build with LWS_SS_USE_SSPC, the apis hook up to a proxy process over
 * a Unix Domain Socket.  To test that, you need to separately run the
 * ./lws-minimal-secure-streams-proxy test app on the same machine.
 */

#if !defined(LWS_SS_USE_SSPC)
static const char * const default_ss_policy =
	"{"
		"\"schema-version\":1,"
		"\"s\": ["
			"{"
				/*
				 * "captive_portal_detect" describes
				 * what to do in order to check if the path to
				 * the Internet is being interrupted by a
				 * captive portal.  If there's a larger policy
				 * fetched from elsewhere, it should also include
				 * this since it needs to be done at least after
				 * every DHCP acquisition
				 */
				"\"captive_portal_detect\": {"
					"\"endpoint\": \"connectivitycheck.android.com\","
					"\"http_url\": \"generate_204\","
					"\"port\": 80,"
					"\"protocol\": \"h1\","
					"\"http_method\": \"GET\","
					"\"opportunistic\": true,"
					"\"http_expect\": 204,"
					"\"http_fail_redirect\": true"
				"}"
			"}"
		"]"
	"}"
;

#endif

typedef struct myss {
	struct lws_ss_handle 		*ss;
	void				*opaque_data;
	/* ... application specific state ... */
	lws_sorted_usec_list_t		sul;
	char				alternate;
} myss_t;


/* secure streams payload interface */

static int
myss_rx(void *userobj, const uint8_t *buf, size_t len, int flags)
{
//	myss_t *m = (myss_t *)userobj;

	lwsl_notice("%s: len %d, flags: %d\n", __func__, (int)len, flags);
	lwsl_hexdump_notice(buf, len);

	count_p1++;

	return 0;
}

static void
sul_tx_periodic_cb(lws_sorted_usec_list_t *sul)
{
	myss_t *m = lws_container_of(sul, myss_t, sul);

	lwsl_notice("%s: requesting TX\n", __func__);
	lws_ss_request_tx(m->ss);
}

static int
myss_tx(void *userobj, lws_ss_tx_ordinal_t ord, uint8_t *buf, size_t *len,
	int *flags)
{
	myss_t *m = (myss_t *)userobj;

	lwsl_notice("%s: sending SS smd\n", __func__);

	/*
	 * The SS RX isn't going to see INTERACTION messages, because its class
	 * filter doesn't accept INTERACTION class messages.  The direct
	 * participant we also set up for the test will see them though.
	 *
	 * Let's alternate between sending NETWORK class smd messages and
	 * INTERACTION so we can test both rx paths
	 */

	m->alternate++;
	lws_ser_wu64be(buf, (m->alternate & 1) ? LWSSMDCL_NETWORK : LWSSMDCL_INTERACTION);
	lws_ser_wu64be(buf + 8, 0); /* valgrind notices uninitialized if left */

	if (m->alternate == 4) {
		/*
		 * after a few, let's request a CPD check
		 */
		*len = LWS_SMD_SS_RX_HEADER_LEN +
			lws_snprintf((char *)buf + LWS_SMD_SS_RX_HEADER_LEN, *len,
				    "{\"trigger\": \"cpdcheck\", \"src\":\"SS-test\"}");
	} else

		*len = LWS_SMD_SS_RX_HEADER_LEN +
			lws_snprintf((char *)buf + LWS_SMD_SS_RX_HEADER_LEN, *len,
				     (m->alternate & 1) ? "{\"class\":\"NETWORK\"}" :
						    "{\"class\":\"INTERACTION\"}");

	*flags = LWSSS_FLAG_SOM | LWSSS_FLAG_EOM;

	count_tx++;

	lws_sul_schedule(lws_ss_get_context(m->ss), 0, &m->sul,
			 sul_tx_periodic_cb, 250 * LWS_US_PER_MS);

	return 0;
}

static int
myss_state(void *userobj, void *h_src, lws_ss_constate_t state,
	   lws_ss_tx_ordinal_t ack)
{
	myss_t *m = (myss_t *)userobj;

	if (state == LWSSSCS_DESTROYING) {
		lws_sul_cancel(&m->sul);
		return 0;
	}

	if (state == LWSSSCS_CONNECTED) {
		lwsl_notice("%s: CONNECTED\n", __func__);
		lws_sul_schedule(lws_ss_get_context(m->ss), 0, &m->sul,
				 sul_tx_periodic_cb, 1);
		return 0;
	}

	return 0;
}

static const lws_ss_info_t ssi_lws_smd = {
	.handle_offset		  = offsetof(myss_t, ss),
	.opaque_user_data_offset  = offsetof(myss_t, opaque_data),
	.rx			  = myss_rx,
	.tx			  = myss_tx,
	.state			  = myss_state,
	.user_alloc		  = sizeof(myss_t),
	.streamtype		  = LWS_SMD_STREAMTYPENAME,
	.manual_initial_tx_credit = LWSSMDCL_SYSTEM_STATE |
				    LWSSMDCL_NETWORK,
};

/* for comparison, this is a non-SS lws_smd participant */

static int
direct_smd_cb(void *opaque, lws_smd_class_t _class, lws_usec_t timestamp,
	      void *buf, size_t len)
{
	struct lws_context **pctx = (struct lws_context **)opaque;

	lwsl_notice("%s: class: 0x%x, ts: %llu\n", __func__, _class,
		  (unsigned long long)timestamp);
	lwsl_hexdump_notice(buf, len);

	count_p2++;

	if (_class != LWSSMDCL_SYSTEM_STATE)
		return 0;

	if (!lws_json_simple_strcmp(buf, len, "\"state\":", "OPERATIONAL")) {

#if !defined(LWS_SS_USE_SSPC)
		/*
		 * Let's trigger a CPD check, just as a test.  SS can't see it
		 * anyway since it doesn't listen for NETWORK but the direct /
		 * local participant will see it and the result
		 *
		 * This process doesn't run the smd / captive portal action
		 * when it's a client of the SS proxy.  SMD has to be passed
		 * via the SS _lws_smd proxied connection in that case.
		 */
		(void)lws_smd_msg_printf(*pctx, LWSSMDCL_NETWORK,
				   "{\"trigger\": \"cpdcheck\", \"src\":\"direct-test\"}");
#endif

		/*
		 * Create the SS link to lws_smd... notice in ssi_lws_smd
		 * above, we tell this link to use a class filter that excludes
		 * NETWORK messages.
		 */

		if (lws_ss_create(*pctx, 0, &ssi_lws_smd, NULL, NULL, NULL, NULL)) {
			lwsl_err("%s: failed to create secure stream\n",
				 __func__);

			return -1;
		}
	}

	return 0;
}


static void
sul_timeout_cb(lws_sorted_usec_list_t *sul)
{
	interrupted = 1;
}


static void
sigint_handler(int sig)
{
	interrupted = 1;
}

int main(int argc, const char **argv)
{
	struct lws_context_creation_info info;
	struct lws_context *context;

	signal(SIGINT, sigint_handler);

	memset(&info, 0, sizeof info);
	lws_cmdline_option_handle_builtin(argc, argv, &info);

	lwsl_user("LWS Secure Streams SMD test client [-d<verb>]\n");

	info.fd_limit_per_thread	= 1 + 6 + 1;
	info.port			= CONTEXT_PORT_NO_LISTEN;
#if !defined(LWS_SS_USE_SSPC)
	info.pss_policies_json		= default_ss_policy;
#else
	info.protocols			= lws_sspc_protocols;
#endif
	info.options			= LWS_SERVER_OPTION_EXPLICIT_VHOSTS |
					  LWS_SERVER_OPTION_DO_SSL_GLOBAL_INIT;

	info.early_smd_cb		= direct_smd_cb;
	info.early_smd_class_filter	= 0xffffffff;
	info.early_smd_opaque		= &context;

	/* create the context */

	context = lws_create_context(&info);
	if (!context) {
		lwsl_err("lws init failed\n");
		return 1;
	}

#if defined(LWS_SS_USE_SSPC)
	if (!lws_create_vhost(context, &info)) {
		lwsl_err("%s: failed to create default vhost\n", __func__);
		goto bail;
	}
#endif

	/* set up the test timeout */

	lws_sul_schedule(context, 0, &sul_timeout, sul_timeout_cb,
			 4 * LWS_US_PER_SEC);

	/* the event loop */

	while (lws_service(context, 0) >= 0 && !interrupted)
		;

	/* compare what happened with what we expect */

#if defined(LWS_SS_USE_SSPC)
	/* if SSPC
	 *
	 *  - the SS _lws_smd link does not enable INTERACTION class, so doesn't
	 *    see these messages (count_p1 is half count_tx)
	 *
	 *  - the direct smd participant sees local state, but it doesn't send
	 *    any local CPD request, since as a client it doesn't do CPD
	 *    directly (count_p2 -= 1 compared to non-SSPC)
	 *
	 *  - one CPD trigger is sent on the proxied SS link (countp1 += 1)
	 */
	if (count_p1 >= 6 && count_p2 >= 11 && count_tx >= 12)
#else
	/* if not SSPC, then we can see direct smd activity */
	if (count_p1 >= 2 && count_p2 >= 15 && count_tx >= 5)
#endif
		bad = 0;

	lwsl_notice("%d %d %d\n", count_p1, count_p2, count_tx);

#if defined(LWS_SS_USE_SSPC)
bail:
#endif
	lws_context_destroy(context);

	lwsl_user("Completed: %s\n", bad ? "failed" : "OK");

	return bad;
}